The Top Ten of ITM - ITIL

Transcription

1 William Favre Slater, III, MBA, M.S., PMP, CISSP, SSCP, CISA, ITIL v3, MCSE, MCSD, MCITP 1337 N. Ashland Ave. Unit Cellular: Office: and williamslater@gmail.com Skype Username: billslater Career Website: and LinkedIn: Titles / Roles: Senior Project Manager / Program Manager / Senior Consultant Career Goals: Director, CIO, CISO, CTO Specialties: Cloud Computing, IT Security, Information Security, Cybersecurity, Disaster Recovery, Business Continuity, Crisis Management, Business Resiliency, Business Analysis, System Analysis, IT Infrastructure Management, Technical Architecture, Data Center Operations, Data Center Development, Cyberforensics, Cyberwarfare, Social Engineering, Risk Management, Incident Management, Problem Management, IT Change Management, Application System Development, Database Administration, Data Architecture, Technical Service Development, Service Management and Service Transition, Technical Leadership, and Technical Training SUMMARY: October 2015 Mr. Slater's career has been characterized by both professional excellence and consistently reliable, high quality work performance. His technical background is both broad and deep, and has excellent skills, knowledge and experience in cybersecurity, Data Centers, infrastructure, software development and service management. He is an excellent leader and strategic thinker who will tactically engage and accomplish objectives on a timely basis. He adeptly communicates the business value of whatever he plans, and then executes on that plan. During his projects, he regularly reports the results to senior staff, stakeholders, and team members. He leads by example and is a results-driven, people-oriented technical manager who can effectively build, lead, and motivate high performance teams to meet and usually exceed customer expectations. Mr. Slater has often been chosen to assume the leadership of complex projects that were in trouble and boldly done so, organizing and driving his Team to successful while rising to meet and usually exceed the expectations of his sponsors and stakeholders. He has a coaching-mentoring style of leadership with the innate ability to build and lead high-performance, diverse Teams using the Peter Senge Learning Team Model. Indeed, he has personally mentored 14 others to obtain their PMP certifications and is always coaching and inspiring his team members toward greater career accomplishments. Mr. Slater has worked in some of the world s most demanding IT environments; among these are British Petroleum, the U. S. Department of Veterans Affairs, Microsoft, Technisource, and the United States Air Force. Each of these environments presented unique, high-pressure, high-visibility challenges that not only required intelligence, skills, experience and integrity, but they were demanding in ways that required creativity, adaptability and flexibility. Mr. Slater possesses exceptional skills in leadership, communication, technical abilities, and time management, and is a highly reliable, well-rounded, seasoned IT professional that can quickly adapt to and add extraordinary value to any organization. Mr. Slater is also an internationally recognized and published author, professor, and presenter on various cybersecurity topics such as risk management, compliance, cyberwarfare, and social engineering. OBJECTIVE: Experienced Senior IT Project Manager / Program Manager certified in PMP, CISSP, SSCP. CISA, ITIL, ISFS, MCSE, MCITP, and MCSD, available for technical project management work or a full-time position in positions related to projects associated with cybersecurity, Data Centers, other IT infrastructure, IT Security, compliance management (especially ISO 27001, FISMA, and COBIT), ITIL-based Service Transition and Service Management, and/or Application Development. Also seeking to eventually assume position as a director or a CIO, a CISO, or a CTO. I will be instrumental in helping my organization maintain a strategic, competitive edge by providing strong, positive leadership and driving excellent performance in the teams, projects, and services I lead in order to maximize the business value to the organization. This position should be challenging, provide Resume - William F. Slater, III This resume is the exclusive property of William F. Slater, III

2 project and/or program leadership opportunities, additional opportunities for growth, and be recognized as making a vital contribution to the organization. EDUCATION: M.S. in Cybersecurity, Bellevue University, Bellevue, NE, Graduated 2013 Master of Business Administration (MBA), University of Phoenix, Phoenix, AZ, Graduated 2010 Data Center Technology Certification Program, Marist College, Poughkeepsie, NY, Graduated 2008 M.S. in Computer Information Systems, University of Phoenix, Phoenix, AZ, Graduated 2004 Squadron Officers School, United States Air Force B.S. Engineering Technology, University of Memphis, Memphis, TN PROFESSIONAL CERTIFICATIONS: PMI Organization Project Management Professional - PMP Certification(s) (ISC) 2 Certified Information Systems Security Professional - CISSP System Security Certified Practitioner - SSCP PECB ISO Auditor Exin Information Security Management Expert based on ISO/IEC ISMES Information Security Foundation based on ISO/IEC ISFS Exin Information Technology Infrastructure Library - ITIL Foundation v3 and v2 Exin IT Service Management Foundation based on ISO/IEC ISACA The Art of Service Institute of Data Center Professionals (IDCP) Certified Information Systems Auditor - CISA Cloud Computing Foundation Certification Certified Data Center Professional - CDCP PROJECT MANAGEMENT EXPERIENCE - FINANCIALS: U.S. Department of Veterans Affairs, 7-person team, $1.5 million annual OpEx budget U.S. Department of Veterans Affairs, 48-person team, $11.5 million annual OpEx budget U.S. Department of Veterans Affairs, 14-person team, $2.2 million annual OpEx budget U.S. Air Force, 11-person Team, $1.3 million annual OpEx budget Komatsu Data Center Build and Migration Project (Technisource), $4 million CapEx budget and $5.5 million in cost savings Microsoft Chicago Data Center Manager, $43 million annual OpEx budget, $1 billion in CapEx budget U.S. Department of Veterans Affairs, 22-person team, $4.3 million annual OpEx budget BP Naperville Data Center, $4 million annual OpEx budget, and $1 million CapEx in annual projects INFORMATION TECHNOLOGY EXPERIENCE: Service Management Methodologies / Frameworks: ISO 20000, ITIL v3, ITIL v2, COBIT System Development Methodologies: Agile, SCRUM, RAD, RUP, SDLC, Waterfall. Project Management Methodologies: PMI PMBOK, PMBOK Lite, BP, Customized Project Management Methodologies, MethodOne, U.S. Air Force. Security and Compliance Frameworks: ISO 27001:2013 and ISO 27001:2005, Cloud Security Alliance Control Set, HIPAA, PCI DSS, NIST SP a FISMA, SAS 70 Type II, SSAE-16 Type II, Sarbanes-Oxley (SOX), and ISO Operating Systems: Windows Server 2008, Windows Server 2003, Windows 2000 Server, Windows 8, Windows 7, Windows Terminal Server 4.0, IOS, Citrix Metaframe 1.8,, RedHat Linux, Fedora Linux, UBUNTU Linux, SUSE Linux, AIX 5.4L, HP-UX, OpenVMS. Networks and Protocols: TCP/IP, IPv4, IPv6, BGP4, EIGRP, OSPF, RIP, RIP2, Ethernet, Fast Ethernet, HTTP, SNMP, SMTP, POP3, DNS, DHCP, DLC, RAS, PPTP, PPP, IPSec, SSL, WPA2, L2TP, EAP, and RDP. Hardware: Servers from these vendors: IBM, HP, Dell Servers, Digital, RS/6000, Sun Cobalt Qube; Laptops, IBM-PC Compatibles from 8088 to Intel i7. Nokia Lumia 920 & 1020, Dell Latitude 10 Tablet, and Microsoft Surface Pro. Small computers: Raspberry Pi Model B, Arduino. Also Wireless Routers, Wireless Access Points and other wireless networking devices: a, b, g, and n. Other hardware includes: Cisco VPN Concentrators, Cisco Routers, Cisco 2

3 Catalyst Switches, HP-UX RISC Workstations, VAX, Network Applications NAS Storage Device (100 TB), RAID 0, 1, and RAID 5 disk arrays, network interface cards, modems, switches, hubs, SCSI, IBM 30XX, tape drives, etc. Software and Utilities: MS Visio (certified), MS Project (certified), MS Word MS Excel, MS Access, MS PowerPoint, MS Outlook, Remedy, Microsoft Operations Manager, MS Project Server (certified), MS Sharepoint Server, Wireshark, Channelizer, Inssider, Ethereal, Splunk, Backtrack, NMAP, OWASP, BP Global Change Management System (GCMS), TCP/IP, SNORT, Nessus, PuTTY, Samba Server, DNS, DHCP, WINS, Active Directory, FTP Server, NMAP, MS Exchange Server, MS Internet Information Server, HP OpenView Network Node Manager, Network Associates Sniffer, MS FrontPage, Compaq Insight Manager, Citrix Metaframe, MS Internet Explorer, PaintShop Pro, Norton 360, Norton Anti-Virus, McAfee. CRM Applications: Vault with SQL Server, Sales Force (Training) Databases: SQL Server 2005, SQL Server 2000, Oracle, MS Access, Oracle Rdb. Networking Devices: Switches (managed and unmanaged), Cisco ASA, PaloAlto Firewalls, Cisco Clean Assess Network Access Control Device, b/g/n routers and wireless access points, Riverbed Steelhead devices, CSU/DSU s, DSL Modems, Cisco Routers, Cisco Switches, VPN Concentrators, Ethernet network interface cards, and a/b/g/n network interface cards. Development Tools and Platforms: Visual Basic.NET (VB.NET), ASP, ASP.NET, IIS, Visual Studio 2003, 2005, and 2008, Visual Basic 6, PERL, Java, Java J2EE, C#, C++, Python, VBScript, JavaScript, KIXStart, UML, XML, HTML, SQL, C. Data Center Automation Tasks, Tools & Experience: Have used several tools to automate the management of tasks required to efficiently manage a modern Data Center. Visit for a complete three-page list of Tasks and Tools. WORK EXPERIENCE: Contracting Resource Company (Chicago, IL) August Present Sr. IT Consultant / Sr. IT Security Consultant / Sr. IT Project Manager (Full time position, 40 hours per week) This Security Consultant role provides a single internal point of contact for local AM and regional security Service Delivery Managers, facilitating a direct and integrated working relationship. This is a key role for the Vendor Security Team, serving the Client as the deliver management focal for operational governance and overseeing the day to day activities as they relate to Security Services. Overview: Oversees / actions the following for Americas, EMEA and Asia-Pacific Security Incident Management - Manage security incidents and threats to the Client s systems and information assets Change Management - Raise appropriate change records, follow the change management procedures & ensure change records are appropriately approved by the Client/ Problem Management - Analyze problem records that are raised and escalate to management as appropriate Annual Security Policy and Standards Review Perform review of information security controls and security checks of system configuration System Health Checking - Perform review of systems to ensure compliance with Service Delivery documents User Revalidation/Privileged Access/Staff Termination/Physical Security Review - User reports to validate security access levels for the Client employees, systems & information assets. Responsibilities: 1. Regional Security Contact / Subject Matter Expert: 3

4 The single focal point for all things security in the AM region Represents AM region during security process & product evaluations Identify AM regional technology assets to be tracked or monitored using security tools and resources Assist development teams with security related questions SDLC process/ensuring the right standards are utilized as it relates to security Provides monthly reporting on the information security program effectiveness Conduct weekly security review meeting with Managed Security Services security teams and other teams who manage security in the region Reviews internal processes, standards, guidelines, requirements, and practices as it relates to Information Security Updates internal control structures and standard operating procedures to ensure efficient and transparent security management Supports communication of security information to the region 2. Overseas platform specific Security Programs: Mainframe, Midrange, Intel, Desktop and Network related. Security Integrity Advisory Management perform/oversee review of the APAR advisories, test and implement security changes as required to the Client s systems Systematic Attack Detection Monitoring perform/oversee monitoring and investigation of security event logs for any suspicious attempts to access the system. Identity Management - perform creation, deletion and suspension of User IDs Authentication Management - perform password resets, set password controls Media Handling - ensure management, storage and recalling of tapes process is followed Audit Trail Management - ensure the user access logs are created and retained for the required timeframe Anti-virus Management - perform daily reviews, automatically deployed to all appropriate servers and desktops Daily Firewall Event Monitoring - oversees daily firewall network violations reports and investigate logs as issues occur with the network Firewall Management - oversees changes to firewall rules as requested and approved by the Client. 3. Enterprise Security Management: Performs a Global role, as the point of contact between the regional Security SDMs, ISS (Vendor Security Services) and the Client. Develops a strong relationship with the customer; identifies gaps in service and provides recommendations. Communicates issues, requests and status directly with the Client Facilitates delivery for critical situations or sensitive projects that are Security related Conducts, reviews, updates, and administers the Enterprise security program as it relates to the region(s) Maintains/develops Enterprise and Regional security guidelines, practices, standards, and policies to protect the Client s IT and data assets Participates in weekly Enterprise Security staff meetings Provides input and feedback on current and future security standards and initiatives as it relates to regional activity Provides Enterprise Security with regular status information such as critical server status and vulnerability management follow-up Provides continuous improvement by developing Security delivery enhancements where necessary Assists in responding to RFPs (at least early stages). 4. Investigation/Incident Management: Work closely and coordinate security efforts with MSP Security focal on regional and Enterprise issues and incidents (virus outbreak or security patching for example) Be a resource to Corporate Investigations as needed 5. Security Training: 4

5 Develops and maintains information security training and security standard compliance reporting for the region Identifies security training needs and completing training requirements Assists Enterprise Security s development and delivery of security job aids and training documents 6. Risk Management: Maintains regional IT Risk Management efforts and participates in Enterprise Risk Management program 7. Vulnerability Management: Oversee vulnerability management and associated compliance activities working with MSP and IT staff in the region 8. Change Management: Coordinating with MSP to ensure all security work has proper change control entry and approvals Assess regional technology changes for potential security impact. 9. Compliance: Assists with reviews for security compliance when required by Audit or other 3rd parties Assist the Client s regional departments with completion of client RFPs or questionnaires related to the firm s information security program. Slater Technologies, Inc. (Chicago, IL) March Present Sr. IT Consultant / Sr. IT Security Consultant / Sr. IT Project Manager (Full time position, 40 hours per week) Working as a senior IT consultant on projects related to information security, compliance, security reviews, risk management, Internet of Things, Data Warehouses, and auditing. Also providing consultations as a subject matter expert on projects with Data Center vendors and other local businesses. Also, directly involved with writing proposals and providing technical guidance to help staffing companies win multi-million dollar, five-year contracts to sell program management services in infrastructure security, software development and infrastructure deployment. Working on Cybersecurity projects, including Business Resiliency assessments, formal risk assessments (NIST, ISO 27001, HIPAA, PCI, and COBIT), creation and automation of risk management frameworks, security audits, and a fast-track ISO implementation project for a software company to achieve ISO certification in Recent Clients: GoHealth, Accretive Solutions, Offisol Corporation, HCSC, IPSOS, Synovate, Panduit, Caveon, and CAPSIM Management Solutions. Recently appointed as Member of the Center for Cyber Security and Forensics Education at the Illinois Institute of Technology in Chicago, IL. Conducting research and writing on cyberwarfare and security tools such as Wireshark. Had articles published Hakin9 magazine in January 2013 and it was the cover story. This article and others are available for review on the web at Have had over 20 articles published since October 2012, with the most recent articles being published in June Designing and creating a database application that streamlines program management, security management, risk management and reporting activities, for management of teams of IT workers and developers in teleworking environments. It will first be a Windows application and then be ported to the web. Have developed and taught classes at the Illinois Institute of Technology in the areas of Cybersecurity, Data Center Operations, Data Center Architecture, Java programming, Information Technology hardware and software, Cybersecurity Management, Data Warehousing, and IT & Public Administration. 5

6 Wrote a technical paper describing the use of Cloud Data Center Services, (IaaS, and SaaS) as a key strategy for Disaster Recovery and Business Continuity. This service, Disaster Recovery as a Service (DRaaS) allows a business to dramatically shorten its Recovery Time Objectives (RTO) and its Recovery Point Objectives (RPO). Created and delivered presentations for IIT Forensecure 2015 and ISACA 2015 Chicago Security Conference: Teleworking: Risks, Challenges, Perils, and Successes. Created and delivered two presentations for IIT Forensecure 2014: one on Bitcoin, and one on Edward Snowden and how to prevent future human-related breaches. Created and delivered two presentations for IIT Forensecure 2013: one on Cyberwarfare, and one on PPD 20 and how it will affect Americans Northshore ASIS Chapter Presentations: Cyberwar in August 2013; in August 2014, created and delivered a presentation on the Implications of the 2013 NSA Edward Snowden Data Breach. Technatomy Corporation (Hines, IL) August 2014 June 2015 Sr. IT Project Manager (Full time position, 40 hours per week) Leading a talented Team of talented Engineers and related Support Staff in modernizing a complex legacy n-tier, enterprise client/server application that supports case management work flows for users that serve millions of disabled U.S. Military Veterans at the Veterans Benefits Administration in the U.S. Department of Veterans Affairs. CACI (Chicago, IL) July March 2012 Program Manager (Full time position, 50 hours per week) Worked as a program manager, managing several related development projects which will create the Nationwide Health Information Network (NwHIN) - a secure, nationwide, interoperable health information infrastructure for the U.S. Department of Veterans Affairs. This was a multi-tier, secure, integrated, distributed application that utilizes Java, J2EE, Oracle, and various web-related technologies, and it will interface with the Department of Defense as well as out-of-network and commercial medical providers. It was an Agile / SCRUM development project managed under the Virtual Lifetime Electronic Record initiative that was commissioned by the President Obama in April It was also 100% telework, and I managed 48 people and 4 major projects that were nationwide, in over 20 states. Duties included: Management of Application Development Project Managers Oversight of and direct participation in a Formal Risk Management Program Oversight of and participation in a Quality Management Program Oversight of Database Administrator Team Oversight of the Program Management Support Team Participation directly in Software Configuration Lifecycle Management (SCLM), Software Development Planning and Process Management as products were staged from development to Software Quality Assurance and then to preproduction for User Acceptance Testing Managed the transition of application software and databases from the Development environments into the Software Quality Assurance testing environments and the pre-production environments of the VA s Data Centers in Austin, TX and Martinsburg, WV. Also, developed and distributed multi-purpose details checklists for application development teams and the database development team to ensure that every step in every phase on these transitions was done accurately and completely without error or omission. These checklists also ensured that the Data Center staff members and the SQA Team members were satisfied that processes and procedures were properly followed in the Data Centers. Created the Work Breakdown Structure using MS Visio. Managed the Project Plan and Schedule using MS Project, Schedules, and also managed the Project Financials and Quality Management (CMMI) using MS Excel. Oversight of and participation in a Knowledge Management Program, including capturing Lessons Learned in a prototype system that I created for reporting and querying on lessons learned Worked on a special project to design and create a Cloud-based development environment for developers who had not yet received their clearances to directly access resources related to the U.S. Department of Veterans Affairs. This initiative allowed for quicker on-boarding of developers and maximized their effectiveness while meeting the security requirements of the U.S. Department of Veterans Affairs. In August 2011, worked closely with a CACI Senior Vice President to deliver the Cloud Services presentation that helped educate managerial and technical staff and initiate CACI s new Cloud-based services design and Cloud-based services programs. 6

7 Developed a research paper and presentation for senior management on best practices in management of teleworkers. Communication and close coordination with CACI Management and with VA Management to manage the program. Slater Technologies (Chicago, IL) January July 2011 Sr. IT Security Consultant / ISMS Architect (Full time position, 40 hours per week) ISMS Architect and Project Manager on project creating an ISO based Information Security Management System (ISMS). Initiated and planned this project and provided regular updates to senior level management including C-level executive management about the status, needs, and progress of this project. Using tools like MS SharePoint Server, Word, Access, PowerPoint, and Excel, I worked to create an Information Security Management System and Security Management framework with 133 controls and over 2000 policies to help manage risk and help drastically improve the information security posture of a multi-billion dollar, international data-intensive company. Worked directly with C-level executives, vice presidents, directors, and other stakeholders to demonstrate the business value of uniform security and compliance, and to make this happen. Also conducted an information security policy gap analysis, produced a risk analysis framework, created assessments, created the ISMS Scope, ISMS Policy, the Statement of Applicability, the Risk Treatment Plan, the Information Security Awareness Training Plan, Information Security Training materials, etc. I also produced the Security Management Framework, Security Management Plan, and produced almost 2000 information security-focused policies within the context of the company s culture and the ISO framework. Created techniques and tools using MS Access to automate Asset Management and Risk Assessments using the Brewer Event Model, and also to automate the document management and records management that is required by ISO Designed a generic information model and methodology for metrics management, and the evaluation of metrics performance for each of the ISO controls, to facilitate the continual improvement processes required by the Plan-Do-Check-Act initiatives required by ISO Produced weekly status with charts and diagrams that reported and tracked the status of all the project deliverables as well as showing the gradually increasing improvements that were being made in ISO compliance maturity. Also performed risk and security evaluations under HIPAA, PCI DSS, and FISMA. Engineering Services Network (offices in Arlington, VA) January 2010 to January 2011 Project Manager for the Department of Veterans Affairs (Full time position, 52 hours per week) Led a 14-person Tier III IT Security Support Team at the VA Network Security Operations Center in Hines, IL to provide network security and defense, analysis and problem resolution on the VA s national Private Cloud-based IT infrastructure on a 24 x 7 basis. This enterprise IT infrastructure has over 30,000 servers and over 330,000 desktops, and has managed IT assets and data located in all 50 states. Major Accomplishments: Joined the team in January 2010 on a project that was in cure status, and led the effort to turn around a $2.2 million Tier III IT security management project, helped win a second year, which was the first Option Year for the project contract, as well as helping win additional consulting project contracts totaling more than $20 million in new business at the Department of Veterans Affairs. I was awarded the company s Employee of the Quarter Award in recognition of the excellent work on these efforts. Developed over 400 security management-related performance reports and led the development of technical Standard Operating Procedure documents required by both the VA s Performance Work Statement and ad hoc report requests that the VA initiated. Developed documented Quality Management procedures to ensure high-quality reports with meticulous attention to detail were submitted to VA Management. Led a Visual Basic 2008 application development effort to design and develop an automated time tracking system that helped track and report on the tasks and times associated with the over 30 job functions that comprise the dayto-day responsibilities of IT Security Analysts. Developed all the required Project Management documents for the second year of the contract including the Communications Plan, the Staffing Management Plan, the Process Improvement Plan, the Project Management Plan, Risk Management Plan, and Lessons Learned documentation. Enhanced the Quality Management Plan and developed the new Service Level Agreement metrics by which the Team s performance would be measured and managed. 7

8 Developed the Project Transition Plan for the Year 1 to Year 2 transition for this Tier III IT Security Support Team, which included 1) new staff management plan to staff up for dual site 24 x 7 coverage for Tier III IT security support; 2) Risk management for the entire transition; and 3) a detailed schedule / plan of future performance work statement deliverables. Then I managed the transition from the Year 1 contract to the Year 2 contract. Used Remedy to manage and track the team s technical work on security incidents, and generate regular reports weekly, bi-weekly, monthly, and quarterly to report on the team s performance. Developed a Knowledgebase for managing and reporting on data related to security management on the VA s infrastructure, and to increase the efficiency of teamwork on the Tier III Team. Data being tracked and managed includes false positives, incidents, incident categories, threats, threat tags, threat categories, and the analysts doing the work. Created the Work Breakdown Structure using MS Visio. Managed the Project Plan and Schedule using MS Project, Schedules, and also managed the Project Financials using MS Excel. Developed a technical training plan and program and provided IT security training materials that I developed for (ISC) 2 SSCP certification to the entire team to help ensure each team member s optimal performance. Providing guidance and mentoring for several of the Team members and helping them attain their personal and professional career development goals in earning these certifications: Project+, CISSP, and Security+. Wrote several team policies related to workplace performance and behaviors, as well as compliance initiatives as required by the client and Human Resources. Produced weekly status with charts and diagrams that reported and tracked the status of all the project deliverables as well as showing the gradually increasing improvements that were being made. CSSS.NET (offices in Bellevue, NE) September 2009 to January 2010 Project Manager for the United States Air Force (Full time position, 50 hours per week) At Peterson AFB, CO for the 561 st Network Operations Squadron, formed and led a 12-person Team to accomplish an ITIL v3 IT Services Management implementation and a service management transition for the United States Air Force. Initiated and planned this project and provided regular updated to senior level management including executive management about the status, needs, and progress of this project. This ITIL service management implementation was designed to introduce a major service transition and services management based on ITIL v3, so that the U.S. Air Force could begin to implement a Cloud-based services model for its IT Resources. It also allowed for continuous service improvement processes to every facet of their global Information Technology infrastructure, and when it was completed, it became the world s largest full-scale pure ITIL v3 implementation. Led and managed the development of the project plan for this ITIL v3 implementation. We also used Remedy 7.1 for ITIL v3 processes related to the Service Desk, Incident Management, Problem Management, Release Management, Asset Management, Configuration Management, Change Management, and Knowledge Management. This Remedy installation is the world s largest occurrence of Remedy. Wrote several team policies related to workplace performance and behaviors, as well as compliance initiatives as required by the client and Human Resources. Created the Work Breakdown Structure using MS Visio. Managed the Project Plan and Schedule using MS Project, Schedules, and also managed the Project Financials using MS Excel. Provided ITIL v3 documentation and training resources to team members to ensure that all team members could perform optimally. Identified and hired the ITIL Expert who was the Subject Matter Expert for the Team and the Customer. Technisource Corporation, Itasca IL November 2008 to March 2009 Technical Project Manager (Full time position, 50 hours per week) Managed a large Private Cloud Data Center Migration Project for Komatsu, large international manufacturing company, which involved a significant in-sourcing initiative where servers were being migrated from an out-sourced facility to an inhouse facility. Initiated and planned this project and provided regular updated to senior level management including C-level executive management about the status, needs, and progress of this project. (Note: I took this temporary position knowing that the project would end in Spring 2009 as the project was completing.) 8

9 Chief accomplishment: Successfully reengineered, reorganized, and managed a Data Center Migration project that was already 24 months behind schedule, resulting in cost savings of more than $5.5 million. It was a Private Cloud Data Center, and the security, planning in technology and space allocation, design and growth potential allowed it to become the focal point for all Private Cloud Data Center Services in the Western Hemisphere for Komatsu. Managed the construction of the new Data Center. Helped to restructure and provisioning of the WAN infrastructure, both primary and backup circuits for Internet and for MPLS circuits. Worked on the design of the Data Center LAN and physical Security Infrastructure. Helped select, qualify, and train the Team of Data Center Specialists who will permanently staff the Data Center, 24 x 7. Helped qualify and select a Managed Network Services Provider to monitor the network, 24 x 7. Managed the Project Management Plan, all Project Procurement Financials, and the Project Risk Management Plan and Risk Register. Assisted with planning and managing the virtualization and migration of Applications into the new Data Center. Server Virtualization and Refresh Efforts: Assisted with planning and managing the virtualization and migration of Applications into the new Data Center. We were required to migrate applications into new servers for the new Data Center because the old servers in the old Data Center were at the end of their useful life. Result: After the analysis effort, we created a design and plan for migrating 55 servers into 8 physical servers. We virtualized the old server images and placed multiple images on each of the new servers that were running ESX by VMware. The data for these servers was also migrated at the old Data Center site using a migration staging server. After the new virtualized servers were installed, there was an extensive testing effort to ensure that the newly virtualized servers performed as required to meet the customer's expectations and business needs. Designed and implemented an advanced WAN optimization architecture using Riverbed Steelhead devices. Led the development of the ITIL v3-based Service Catalog, Service Delivery Model and the Service Transition for the IT Organization. We also used Maximo for ITIL v3 processes related to the Service Desk, Incident Management, Problem Management, Release Management, Asset Management, Configuration Management, Change Management, and Knowledge Management. Participated in the qualification and selection of the Service Desk Solution and Service Desk Provider. Designed the Operating Model and the Operations Guides for two Data Centers based on ITIL Service Management. Led the effort to create viable Disaster Recovery Plan and get it updated for two primary operational Data Center sites. Created all standardized Data Center Reports for two Data Centers. Managed the launch, education and Control Monitoring Initiative to bring the two Data Centers into Compliance under ISO 27001, SAS 70 Type II, and SOX. Also utilized COBIT guidelines. Managed the Project Plan and Schedule using MS Project, Schedules, and also managed the Project Financials using MS Excel. Did a large share of the work in the CapEx and OPEx Budgets for the new Data Center. Microsoft Corporation, (Headquarters in Redmond, WA, work location in a suburb of Chicago) March 2008 to October 2008 Data Center Manager / Sr. IT Operations Program Manager II (Full time position, 80 hours per week) I managed and was responsible for the Microsoft Chicago Cloud Data Center, a $6 billion project which was built in Northlake, IL, western suburb of Chicago. It was the world s largest Cloud Data Center, in floor space (705,000 sq ft), in power consumption (120 MW), and in the volume capacity for servers. It will eventually house over 330,000 physical servers, and today it remains Microsoft s Flagship Cloud Data Center. The Microsoft Chicago Cloud Data Center is also the world s first location where Data Center Modules (think 40-foot shipping containers) were implemented and tested on a mass scale. I was directly involved in the selection of the manufacturing vendor, as well as the operational implementation of this new containerized computing technology, writing the procedures to install and integrate them into the Chicago Data Center. Managed and worked with contractors and subcontractors who provide cooling, electrical, telecommunications, security, cleaning, and cabling services for an operational area that is inside a construction zone, as well managing 9

10 facilities people who are providing the cooling services, power, Building Management System, VESDA, EPMS, and data services to the Data Center Modules mentioned above. I also managed staff of 22 superstar Data Center professionals that help me manage this 24 x 7 operation. Two thirds of this staff was responsible for the cooling equipment, electrical equipment, fire protection, and automated facilities systems all of which provide the critical environment services at this Data Center. The other one third of my staff provided the technical services for IT equipment installation, configuration and data networking. Building this state-of-the-art facility generated approximately 3,000 construction-related jobs with a peak workforce of around 2,800 workers. More than 1.5 million man-hours of labor went into the project, and the total investment in the facility will exceed $1 Billion. For the first year, of the Microsoft Chicago Data Center, the operational budget exceeded $40 million, and in following years as the facility becomes filled with servers, this was expected to exceed $120 million. Implemented, tracked and enforced security management controls under SAS 70 and ISO and to ensure compliance for passing certification audits. The Microsoft Chicago Cloud Data Center achieved ISO certification in May 2010 as a result of these efforts. Worked on the Disaster Recovery Plan and kept it updated to reflect organizational and infrastructure changes. Managed the Project Plan and Schedule using MS Project. Managed manpower schedules, Risk Management Register, and also the Project Financials using MS Excel. Finally, using Visual Basic 2008, I designed and developed an automated time tracking system that helps track the times associated with the over 40 job functions that comprise the day-to-day responsibilities of a Microsoft Data Center Manager, in an environment that is constantly filled with intensity, non-stop multitasking with a sense of operational urgency. CSSS.NET, (offices in Bellevue, NE and Chicago, IL) November 2006 to March 2008 Program Manager for the Veterans Administration in Hines, IL (Full time position, 50 hours per week) On contract worth over $4 million in annual revenue, I managed a 21-person Team of senior level system engineers who support MS Exchange Server 2003, Blackberry Cell Phone / PDAs, Windows Server 2003, Microsoft Operations Manager, and Tivoli Backup Manager. This team supported the 24 x 7 business electronic messaging needs of over 300,000 users at the VA, and potentially affect interactions with an additional 500,000 users and are considered to be extremely business critical. We used Remedy to manage and track the team s technical work on customer messaging incidents, and generate regular reports weekly, monthly, and quarterly, and yearly to report on the team s performance. During 2007, this Team resolved over 5700 Remedy Tickets. I was responsible for all personnel management issues for this team including interviewing, recommendations for hiring and firing, performance evaluations, schedule and resource management, team development and career planning, etc. I screened and hired 14 employees during the time I managed this Team. Managed the Project Plan and Schedule using MS Project. Managed manpower schedules, Risk Management Register, and also the Project Financials using MS Excel. I was also the technical lead project manager on the 2007 Data Center Migration and Consolidation Project in which more 200 production servers and an EMC SAN were planned for migration into a high-security Data Center. Upon voluntarily leaving this position to go work for Microsoft, I wrote an extremely detailed 65-page Program Manager Transition Guide on how to do my job, to ensure that the new Program Manager would be successful. Contractor at British Petroleum, Naperville, IL May 2001 to November 2006 Data Center Manager / Change Management Manager / Project Manager (Three Roles in this position) 1) Data Center Manager for all operational aspects BP Naperville s Data Center that housed hundreds of Servers (Windows Server 2003, Windows 2000 Server, Solaris, and Linux) as well as a network infrastructure that forms one of the largest hubs in North America, and also had responsibilities for three nearby satellite Data Centers totaling 50 additional servers. Managed a 2.5 year project that re-centralized that management of the Data Center, as well as three smaller satellite Data Centers. Enforced compliance requirements under ISO and SOX. 10

11 Asset Management and Configuration Management: Developed and Managed an Asset Management Database and tracked all IT assets in four Data Centers in a full life-cycle, from installation to disposal, and created weekly, monthly, quarterly and yearly reports for BP management on the status and configuration of each of these assets. Also used this database to generate reports that quantitatively show the hottest areas of Data Center by reporting on the wattage per rack. This data was used to optimize the cooling efforts in the facility. Managed eight migration projects during which other remote Data Centers were shut down and had their assets migrated into this Data Center. Updated all the asset and configuration information into the asset management database. Managed a project where we migrated all the equipment associated with a 150 TB NetApp NAS from Houston, TX to the BP Naperville Data Center. We were successful, coming in ahead of schedule and under budget, and achieving success ahead of the worst part of the 2006 hurricane season. I was awarded a $1000 bonus for being successful on this project due to the high visibility and critical nature. Also managed this NAS device and handled drive failures after it was installed and operational in our Data Center. For 5.5 years, I managed and worked with contractors and subcontractors that provided cooling, electrical, fire protection, telecommunications, security, cleaning, and cabling services for each of these Data Centers. I also managed Teams of IT professionals that provided technical services for IT equipment installation, configuration and data networking. Server Refresh Efforts: During the 5.5 years I managed the BP Naperville Data Center, there were over 400 servers. Planned and supervised the replacement of more than 93% of the older servers in total. Oversaw major refresh initiatives: 1) modernization of operating systems from NT 4 Server to Windows Server 2000, which required some new servers also; 3) upgrades from Windows Server 2000 to Windows Server 2003; and 2) a large replacement project of about 100 old COMPAQ Servers with HP Servers during Also was responsible for the safety inspections, as well as all activities related to the facility and maintenance and upgrades that occasionally occur. This included all equipment related to power, security, fire protection, VESDA, UPS, and HVAC. In addition, also responsible for management and coordination of all vendors and contractors who performed work in these Data Centers. Worked on the Disaster Recovery Plan / Business Continuity Plan, and Risk Register, and kept them all updated to reflect organizational, IT asset, and infrastructure changes. Participated in semi-yearly testing of Disaster Recovery Plan / Business Continuity to verify the plans and ensure that everyone knew their roles in how to recover from one or more disasters. Managed the Project Plan and Schedule using MS Project, Schedules, and also managed the Project Financials using MS Excel. Wrote several policies related to workplace performance and behaviors, as well as compliance initiatives as required by the client. Trained personnel in processes for IT Service Transition, Service Management and Continuous Service Improvement related to performing technical project work in the Data Center. 2) Change Management Manager for a nationwide region comprised of 67 sites, and scores of servers, routers, switches, scores of WAN Circuits, etc. As the Change Management Coordinator for the North Eastern Change Advisory Board which meets at 1:00 PM each Monday, I managed the coordination and approval of Change Requests to the BP infrastructure components for approximately 67 sites. I also routinely processed Emergency Change Requests and publishing of custom Change Notifications which in effect announced approved Changes and approved Outages to the BP Infrastructure throughout North America. Wrote the policies, processes and procedures for Data Center Management and Change Management, and kept them updated as part f the continuous process improvement initiative. Was certified in ITIL Foundation v2, and assisted co-workers and management in learning and adopting ITIL-related processes, including Change Management, Asset Management, and Configuration Management. Enforced SOX compliance requirements related to Change Management. 3) System Engineer on a large Active Directory domain network (over 2000 servers total, distributed globally). Technologies used: SQL Server, MS Access, NT Server 4.0, Windows 2000 Server and Windows 2000 Professional, IIS, FrontPage, HTML, Windows Terminal Services, PCAnywhere, etc. scripting in PERL, VBScript, and KIXStart. 11

12 Chicago Manufacturing Center April 2000 to March 2001 Sr. Business Advisor / Database Administrator As this organization s DBA and primary advisor on computer, networking, and Internet technologies, I was responsible for maintaining Vault, a Customer Relationship Management (CRM) system and providing reports that ensured that 75% of its revenues were received in the form of government grants. Primary tools used were MS SQL Server, NT Server, MS Access and SQL. Other accomplishments included: data quality analysis, writing data correction routines to clean the data, doing the analysis and research that led to the modernization of the entire networking infrastructure, documenting all aspects of the DBA position and responsibilities, helping to select and train my replacement. Also managed the successful migration of their Data Center in December 2000, including all networking and computing assets, into a new facility, including 12 servers, and 25 desktop computers. PROFESSIONAL TRAINING AND CAREER DEVELOPMENT: Developed and delivered graduate and undergraduate training (lectures, exercises, and exams) at the Illinois Institute of Technology for six years. Topics: Internet Technologies, Data Centers, Cybersecurity, Programming (Java, PERL, Visual Basic, and JavaScript), Operating Systems, and Hardware. Published an ebook on Cybersecurity in 2013 ( Training in Sales Force Intro, Management, and Technical Courses, Published 20 Cybersecurity articles and Presentations from October 2012 August 2013 ( ) Attended a 5-day course for ISO Lead Auditor Training. Passed the ISO Lead Auditor Exam Enrolled in the Cloud Computing Pathway education and certification program by The Art of Service in March 2011 Awarded Employee of the Quarter for first quarter 2010 at ESN because of the excellence and effectiveness of project leadership efforts. Thornton A. May s IT Leadership Academy, Value Studio Session 15 in Jacksonville, Florida, May 27-28, Wrote a technical article on Cloud Computing on January 1, 2009 at Web 2 the Magazine, an online publication Microsoft Management Excellence Foundation course in Bellevue, WA, July 27 31, 2008 Franklin Covey Management Training Seminar; Seven Habits of Effective Managers in Chicago, IL, October 17 18, Architecture and Design Conference sponsored by Dr. Dobbs in Chicago, IL from July 24 27, Data Center Technology Classes in a program sponsored by the Institute of Data Center Professionals and Marist College, Poughkeepsie, NY. Graduation date: March I won a NIST sponsored $16,000 scholarship award to participate in this program 2007 Software Architecture & Developers Conference in Chicago, IL, July 23 26, 2007 ITIL Foundation v2 Training August 1 3, Passed ITIL v2 certification on August 3, Various conferences by TechTarget Conferences, in Data Center Management, and in Information Security, 2003, 2004, In Fall 2002, I developed and taught a four month program in Java 2 and OO software development for SOLEX academy. LEAN Manufacturing Training for Chicago Manufacturing Center in June 2000 Various Web Seminars in IT Security and in Wireless Networking PROFESSIONAL ORGANIZATIONS: American Society of Industrial Security International Armed Forced Communications and Electronics Association Association for Computing Machinery Chicago Chapter of the Internet Society (President and Founder) Data Center Professionals Network EC Council Electronic Frontier Foundation Federal IT Security Institute IEEE Computer Society Institute for Data Center Professionals, Charter Member and Newsletter Editor ICTTF International Cyber Threat Task Force International Information Systems Security Certification Consortium, Inc., (ISC)² International Society for Auditing and Control Association (ISACA) - Member Internet Society, Supporting Member Microsoft Alumni Network Microsoft Developer Network The Planetary Society Project Management Institute Uptime Institute Security Clearances - Past: 2011 Secret Security clearance (High Risk) Background Investigation was restarted by the Department of Veterans Affairs after a six month break from the VA 2010 Secret Security clearance (High Risk) Background Investigation was conducted by the Department of Veterans Affairs 2009 DoD Secret Security clearance 2007 Public Trust Clearance by the Department of Veterans Affairs 12